Security researchers at Bitdefender have discovered a new phishing scam that installs a malicious extension in the Chrome web browser in order to turn Facebook 'likes' into cash for cyber crooks.

The exploit begins with a malicious link embedded in spam email, says Bogdan Botezatu, a senior e-threat analyst at Bitdefender. The link ushers you to the Chrome Web Store, where you download an extension for a "business" Flash player—assuming you're foolish enough to click on spam links.

Once this so-called "business" version of Flash is downloaded, it monitors your browser activity. When you land on a Facebook page with Chrome, the malware checks your browser cookies to see if you're logged into Facebook. If you are, it will fetch a piece of JavaScript code that tells the extension what to do with your account.

"They can run as many campaigns as they want," Botezatu said in an interview. "All they have to do is fetch a new script."

A study released Wednesday shows one in four consumers who receive a data breach letter become the victim of identity fraud. That statistic represented 12.6 million victims last year -- one million more than the year before, according to the 2013 Identity Fraud Report released by Javelin Strategy & Research.

"This past year was one where there were both successes and setbacks for consumers, institutions and fraudsters," said Jim Van ****, CEO of Javelin Strategy & Research, in a prepared statement. "Consumers and institutions are now starting to act as partners—detecting and stopping fraud faster than ever before. But fraudsters are acting quicker than ever before and victimizing more consumers. Consumers must take data breach notifications more seriously and maintain vigilance to safeguard personal information, especially Social Security numbers."

Javelin researchers have conducted the annual study for 10 years, most recently by launching an address-based survey of 5,249 U.S. consumers. According to a news release, this is the nation's longest-running study of ID fraud with 48,200 participants in the past decade. This latest survey was conducted with assistance from CitiGroup Inc., Intersections LLC and Visa Inc.

Twitter uses DMARC to take action against email phishing for user passwords after high-profile hacks

Twitter's 'Postmaster' Josh Aberant today announced that Twitter has been using a new technology called Domain-based Message Authentication, Reporting and Conformance (DMARC) to help prevent email phishing.

Phishing is the practice of sending fake emails to people that look like they come from a company like Twitter but actually don't. The goal is to harvest user passwords by tricking people into entering passwords on sites that are owned by hackers and harvesters, rather than by the companies that they're imitating.

Twitter says that using the DMARC technology makes it 'extremely unlikely' that any users will see any email pretending to be from a Twitter.com address.

"Without getting too technical," writes Aberant, "DMARC solves a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols. It builds on established authentication protocols (DKIM and SPF) to give email providers a way to block email from forged domains popping up in inboxes."

McAfee Labs revealed that sophisticated attacks originally targeting the financial services industry are now increasingly directed at other critical sectors of the economy, while an emerging set of new tactics and technologies are being implemented to evade industry-standard security measures.

Their report showed the continued proliferation of password-stealing trojans and advanced persistent threats (APTs) such as Operation High Roller and Project Blitzkrieg, and the expansion of their attacks to government, manufacturing and commercial transaction infrastructure targets.

"We are seeing attacks shifting into a variety of new areas, from factories, to corporations, to government agencies, to the infrastructure that connects them together," said Vincent Weafer, senior vice president of McAfee Labs. "This represents a new chapter in cybersecurity in that threat-development, driven by the lure of financial industry profits, has created a growing underground market for these cybercrime weapons, as well as creative new approaches to thwarting security measures common across industries."

The Obama administration is turning up the heat on nation-state cyberespionage attackers in a new policy aimed at protecting the U.S. government and businesses from theft of their intellectual property that goes further than previous administrations in addressing the worst-kept secret that cyberspies are stealing U.S. IP.

Direct diplomatic pressure, greater law enforcement engagement, promotion of better security practices by potential victims, tougher legislation, and more aggressive public awareness campaigns are some of the main approaches of the strategy announced yesterday by administration officials.

The announcement came a day after Mandiant published a detailed and highly publicized report outing the Chinese military as a major perpetrator of IP theft against the U.S. The report provided the first public disclosure of evidence of a long-suspected Chinese military link to cyberespionage against U.S. firms, tying a prolific and especially persistent cyberespionage group out of China to the People's Liberation Army. The group is responsible for attacks on at least hundreds of companies across 20 major industries, according to Mandiant's investigations into those breaches.
